REMARKS

Reconsideration and further examination of the subject patent application in light of the
present Amendment and Remarks is respectfully requested.

Claims 1-16, 19, 21, and 23-36, i.e., all of the pending claims, are indicated as being
rejected under 35 U.S.C. 102(a). However, two references are used to support this rejection -
Munroe, USP '614 and Colburn, USP '404. Accordingly, Applicant treats this rejection as being
under 35 U.S.C. 103.

I. Claim 1 and its dependent claims

The Munroe reference has already been discussed in the previous Reply, filed April 23,
2005, where it has been demonstrated that the Munroe scheme cannot be employed in a modern
PC operating system, such as Windows®. Notably, it has been explained that the presently
claimed invention enables decoupling of the user's access rights from the protection level
applied to an object. To achieve this feature, the claimed invention assigns to each object a trust
value and an object type, and assigns to each process a trust value. A set of rules is stored in the
computer for each combination of object trust value, process trust value, and object type. In this
manner, two objects having the same trust values may receive high protection, but access to
these files by a process would depend not only on their trust value, but on the combination of
trust value of the object, of the process, and on the object type. As demonstrated in the previous
Reply, Munroe failed to disclose this feature as claimed in the pending claims. Additionally,
Applicant respectfully submits that Colburn fails to remedy the deficiencies of Munroe and that
the combination of Munroe and Colburn fails to make the pending claims unpatentable.
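
The rule lookup described above, as an added example (not code from the application or from the cited references). The trust values, object types, action names, sample paths and the policy inside `build_rules` are constructed for illustration; the only properties taken from the text are that a rule exists for every combination and that the user's rights play no part in the decision.

```python
from dataclasses import dataclass
from enum import Enum
from itertools import product

class Action(Enum):            # hypothetical action names
    ALLOW = "allow"
    DENY = "deny"
    ASK_USER = "ask_user"

TRUST_VALUES = (0, 1, 2)                     # constructed: 0 = untrusted, 2 = trusted
OBJECT_TYPES = ("executable", "document")    # constructed: at least two object types

@dataclass(frozen=True)
class Process:
    name: str
    trust: int
    user: str   # kept for logging only; decide() never reads it

@dataclass(frozen=True)
class Obj:
    path: str
    trust: int
    obj_type: str

def build_rules():
    """One action rule per (process trust, object trust, object type)."""
    rules = {}
    for p, o, t in product(TRUST_VALUES, TRUST_VALUES, OBJECT_TYPES):
        if p >= o:
            rules[(p, o, t)] = Action.ALLOW
        elif t == "executable":          # assumed policy: protect code hardest
            rules[(p, o, t)] = Action.DENY
        else:
            rules[(p, o, t)] = Action.ASK_USER
    return rules

RULES = build_rules()

def decide(proc: Process, obj: Obj) -> Action:
    """Select the rule for this combination; fail closed on anything
    outside the table (an assumption, e.g. an unregistered object type)."""
    key = (proc.trust, obj.trust, obj.obj_type)
    return RULES.get(key, Action.DENY)

if __name__ == "__main__":
    dll = Obj("C:/app/core.dll", 2, "executable")      # constructed sample objects
    doc = Obj("C:/users/a/report.doc", 2, "document")
    dropper = Process("download.exe", 0, user="administrator")
    # Same object trust value, different object type, different outcome.
    print(decide(dropper, dll), decide(dropper, doc))
```

The administrator account running `download.exe` changes nothing: the outcome follows only from the three values in the key.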

As admitted in the pending Office Action, Munroe fails to disclose at least the limitations
of claim 1:
"defining at least two object types;
assigning an object type to each of the objects; 

defining an action rule for each combination of process trust group value, object 
trust group value, and object type; and, 

upon an access request by a requesting process to a target object, performing the action 
indicated by the action rule applicable to the trust group value of the requesting process, the trust 
group value of the target object, and the object type." 

Applicant respectfully submits that Colburn fails to disclose these claimed features, and the
combination of Munroe and Colburn fails to disclose or suggest these features. For example, it is
alleged that Colburn's Figure 3 and the disclosure on column 5, line 65 through column 6, line
28 discloses the limitations: "defining at least two object types; and assigning an object type to
each of the objects." However, no such disclosure is provided in the cited reference. Rather,
Colburn discloses various different objects (70-78), which "correspond to particular types of
entities or articles..." (Col. 6, Ln. 5-7). However, Colburn does not disclose that these objects
are of different types or that they are being assigned a different object type.

Similarly, it is alleged that Colburn's Tables 1 and 2 and Col. 9, ln. 1 through Col. 10, ln.
5 discloses the limitations: "defining an action rule for each combination of process trust group
value, object trust group value, and object type." However, no such disclosure is provided in the
cited reference. That is, in the cited Colburn disclosure there is no reference to a process trust
group value or object trust group value. Rather, Colburn's cited disclosure bases the permission
decision on Access Constraints and on whether one of the enumerated conditions is met. Nowhere
does Colburn disclose or even remotely suggest that the permission table is constructed according to
"each combination of process trust group value, object trust group value, and object type."

Moreover, as can be understood from Colburn's cited disclosure, the major thrust of
Colburn's disclosed permission system is access based, i.e., user authorization. The system
always checks to see whether the access authorization is for "owner," "all" or "exemplar." As
noted in the subject specification and in the previous Reply, one advantageous feature of the
claimed invention is the decoupling of the user access permission from the authorization process.
For example, claim 1 explicitly recites: "assigning objects and processes in the computer to one
of said trust groups, irrespective of the rights of a user of said computer." Clearly, Colburn's
cited disclosure is contrary to this limitation and an attempt to combine Colburn's disclosure
with Munroe's disclosure would cause a conflict and will not provide a suggestion of how to
generate the inventive system that decouples the user access rights from the permission decision.

Finally, it is alleged that on Col. 10, lines 6-14 Colburn discloses the limitation:
"performing the action indicated by the action rule applicable to the trust group value of the
requesting process, the trust group value of the target object, and the object type." However,
Applicant respectfully submits that no such disclosure is to be found in the cited passage. The
cited passage only proposes that "[T]hese security features provide various security levels by
which objects from trusted and secure sources can have extensive access to a user's computer
system resources or objects while objects from unknown or untrusted sources have only limited,
relatively safe access rights." There is no disclosure or suggestion whatsoever of the claimed
decision process of selecting an access rule that is "applicable to the trust group value of the
requesting process, the trust group value of the target object, and the object type."

II. Claim 13 and its dependent claims

While in the pending Office Action claims 1 and 13 are treated together and are rejected
using a single line of reasoning, claim 13 is couched in language that is vastly different from
claim 1. Indeed, claim 13 recites various limitations that are not found in claim 1 and are not
disclosed or suggested by the cited references or any combinations thereof. For example,
Applicant respectfully submits that the cited references fail to disclose, and that the Examiner
failed to point to any disclosure relating to at least the limitations:
"define a first and a second rule sets, each of said rule sets comprising a plurality of
rules defining an action based on an operation type;

define a table of at least two trust groups, wherein each trust group comprise one
trust group value and said first and second rule sets; and

assign objects and processes in the computer to one of said trust groups irrespective
of the rights of a user of said computer,

whereby upon operation of a process over an object, the computer is configured to:

compare a trust group value of the process with a trust group value of the object;

determine whether to allow the operation by following the rules of said first rule set
if the trust group value of the process is not smaller than the trust group of the object and
following the rules of said second rule set if the trust group value of the process is smaller
than the trust group value of the object."

If the Examiner wishes to maintain the rejection of claim 13, Applicant respectfully
requests the Examiner to particularly point out where in the cited references these limitations can
be found.

At least for these reasons, Applicant respectfully submits that claims 1 and all of its 
depending claims are allowable over the cited references and any combinations thereof. 

III. Claim 23 and its dependent claims

With respect to claim 23, Applicant respectfully submits that the reasoning for the
standing rejection is inconsistent and respectfully requests the Examiner to withdraw this
rejection. For example, it is alleged that Munroe discloses the limitation: "a list of object trust
groups, each trust group defining an object trust value and coupled to at least one of said rules"
[emphasis added]. However, it is admitted that "Munroe et al. does not teach a list of object
types and a list of rules, each rule defining an action based on an object type." (bottom of page 8
of the pending Office Action). Since Munroe admittedly fails to disclose a list of rules, how
could it possibly be that Munroe discloses "each trust group defining an object trust value and
coupled to at least one of said rules?" Clearly Munroe does not disclose this limitation.

Similarly, Colburn fails to teach or suggest limitations specified in claim 23. For
example, while it is alleged that Colburn teaches "a list of rules each of said rules defining an
action based on an object type," Colburn actually teaches a list of rules that are based on access
authorization (all, owner, exemplar) not based on object type.

The remaining claims provide features that further distinguish the claimed invention from
Munroe and Colburn and their combination, or any other prior art of record.

Conclusion 

For the foregoing reasons, applicant submits that the subject application is in condition
for allowance, and earnestly solicits an early Notice of Allowance. Should the Examiner be of
the opinion that a telephone conference would expedite prosecution of the subject application,
the Examiner is respectfully requested to call the undersigned at the below-listed number.

Applicant hereby petitions for any extension of time that may be required to keep this 
application alive. 

The USPTO is directed and authorized to charge all required fees, except for the Issue
Fee and the Publication Fee, to Deposit Account No. 19-4880. Please also credit any 
overpayments to said Deposit Account. 

Respectfully submitted,

SUGHRUE MION, PLLC
Telephone: (650)625-8100
Facsimile: (650)625-8110

MOUNTAIN VIEW OFFICE

Registration No. 37,771

23493
CUSTOMER NUMBER

Date: August 26, 2005

CERTIFICATE OF FACSIMILE TRANSMISSION

I hereby certify that this AMENDMENT UNDER 37 C.F.R. § 1.116 is
being facsimile transmitted to the U.S. Patent and Trademark Office this
26th day of August, 2005.

MaiianaTtai